-
Notifications
You must be signed in to change notification settings - Fork 987
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fixes #31165 - sync usergroups only for given user #8204
Fixes #31165 - sync usergroups only for given user #8204
Conversation
Issues: #31165 |
d49bbda
to
caec689
Compare
@@ -134,15 +134,14 @@ def update_usergroups(login) | |||
.where(ExternalUsergroup.arel_table[:auth_source_id].eq(id)) | |||
.pluck(:id) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Non blocking suggestion:
perhaps this should be called current_external_ids
so it's clearer?
You could get rid of the joins and arel here with something like:
current_external_ids = user.usergroups
.where(id: ExternalUsergroup.where(auth_source_id: id).select(:usergroup_id))
.pluck(:id)
Usergroup.where(id: usergroup_ids.uniq).find_each do |usergroup| | ||
refresh_usergroup_members(usergroup) | ||
end | ||
external_mapping_ids = ExternalUsergroup.where(auth_source_id: id) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if we rename the variables to be more descriptive, this would perhaps be updated_external_ids
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
updated dosn't sound correct as those are ALL not just UPDATED ids 🤔
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I went with actual_external_ids
... ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OR correct_external_ids
?
user.usergroup_ids -= (usergroup_ids - external_mapping_ids) | ||
user.usergroup_ids += (external_mapping_ids - usergroup_ids) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How about:
user.usergroup_ids -= (usergroup_ids - external_mapping_ids) | |
user.usergroup_ids += (external_mapping_ids - usergroup_ids) | |
user.usergroup_ids = user.usergroup_ids - current_external_ids + updated_external_ids | |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice 👍
caec689
to
c1c9b57
Compare
5829d85
to
7eb201b
Compare
Note I've added one more test to cover the auditing (as I was not 100% sure it works without validation) :) |
In @17c4b47 we've disabled synchronization of groups for user from different auth sources. That gave us oportunity to sync the groups directly from fetched groups. This is changing the Auditing of group membership, as of now it is being audited as User update, not Usergroup update.
7eb201b
to
ca17c26
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @ezr-ondrej !
In 17c4b47 we've disabled synchronization of groups for user from different auth sources.
That gave us oportunity to sync the groups directly from fetched groups.
This is changing the Auditing of group membership, as of now it is being audited as User update, not Usergroup update.
See #6388 for previous change - we kept back there and didn't want to regress usage of synchronization of groups from two authsources for given user, but that should not be a valid case and the speedup is significat if we don't support it.